Vulnerabilities (CVE)

Vendor filter

Ibm Subscribe

Product filter

Websphere Application Server Subscribe

Filter

346 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-4505 1 Ibm 2 Websphere Application Server, Websphere Virtual Enterprise 2019-10-09 5.0
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain...
CVE-2019-4477 1 Ibm 1 Websphere Application Server 2019-10-09 4.0
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.
CVE-2019-4442 1 Ibm 1 Websphere Application Server 2019-10-09 4.0
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM...
CVE-2019-4441 1 Ibm 1 Websphere Application Server 2019-10-09 5.0
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
CVE-2019-4305 1 Ibm 1 Websphere Application Server 2019-10-09 5.0
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.
CVE-2019-4304 1 Ibm 1 Websphere Application Server 2019-10-09 6.5
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.
CVE-2019-4285 1 Ibm 1 Websphere Application Server 2019-10-09 3.5
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request...
CVE-2019-4271 1 Ibm 1 Websphere Application Server 2019-10-09 3.5
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.
CVE-2019-4270 1 Ibm 1 Websphere Application Server 2019-10-09 3.5
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2019-4269 1 Ibm 1 Websphere Application Server 2019-10-09 5.0
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202.
CVE-2019-4268 1 Ibm 1 Websphere Application Server 2019-10-09 5.0
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the...
CVE-2019-4080 1 Ibm 1 Websphere Application Server 2019-10-09 6.8
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force...
CVE-2019-4046 1 Ibm 1 Websphere Application Server 2019-10-09 5.0
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.
CVE-2019-4030 1 Ibm 2 Websphere Application Server, Websphere Virtual Enterprise 2019-10-09 3.5
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2018-1996 1 Ibm 1 Websphere Application Server 2019-10-09 3.5
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the...
CVE-2018-1957 1 Ibm 1 Websphere Application Server 2019-10-09 2.1
IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed....
CVE-2018-1926 1 Ibm 1 Websphere Application Server 2019-10-09 6.8
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a...
CVE-2018-1905 1 Ibm 1 Websphere Application Server 2019-10-09 5.5
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...
CVE-2018-1904 1 Ibm 1 Websphere Application Server 2019-10-09 7.5
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.
CVE-2018-1902 1 Ibm 1 Websphere Application Server 2019-10-09 4.0
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.